Apple Releases Fix to Security Flaw in Mac Operating System

Apple Inc. released an update to its latest operating system for Mac computers and said it’s changing development practices after a significant security flaw was disclosed Tuesday that allowed people to log in without a password, potentially making private user data vulnerable.

The issue, discovered in the macOS High Sierra operating system for laptops and desktops that was released in September, would let anyone enter the word “root” when prompted for a username, and provide no password when logging on to the device.

That would permit unfettered access to the file system for a Mac, exposing private documents on that particular computer. One user reported the ability to also access the computer using the root login remotely.

The glitch is a rare and potentially embarrassing failure for Apple, whose software is generally known for being less prone to hacking and malware infections than Windows software from Microsoft Corp.

The previous version of the operating system didn’t appear to be affected by the bug.

“A password prompt that authenticates as root with an empty password would be a black eye for any OS.

Never mind one from a security and privacy-conscious company such as Apple,” Steve Troughton-Smith, a Mac software developer, wrote on Twitter.